51 4. Achievements 4.1. Publications Monthly security bulletins: Monthly security bulletin comprises of Statistics of incidents handled by CERT-In, information on vulnerabilities in various Operating Systems and applications tracked, Cyber intrusion trends and other relevant IT security issues. Summary of Website Defacements depicting break-up of the websites defaced, top defacers and vulnerabilities and suggestions on best practices to secure web applications and web servers is published and circulated to all CISOs on monthly basis. Security Tips: Security tips for general users advising best practices to secure Mobile Devices, USB storage, Broadband routers, Desktops etc and secure usage of creditdebit cards online, preventive steps against phishing attacks were published.

4.2. Cyber Security Assurance initiatives

• National Cyber Security Policy-2013NCSP-2013 was released by Government in August 2013 for public use and implementation with all relevant stakeholders. The objective of the policy is to create a framework for comprehensive, collaborative and collective response to deal with the issue of cyber security at all levels within the country. • Government and critical sector organizations are implementing the security best practices in accordance with ISO 27001 standard and as per the advice issued by CERT-In. So far, 10 implementation enabling workshopsinteractions have been conducted. Services of CERT-In empanelled IT security auditors are being used to verify compliance. • 45 auditors were empanelled for audit of IT infrastructure after a fresh round of skill assessment in the year 2014. • CERT-In has also carried out security audits of some of the organizations in the critical sector. 5. International collaboration 52 • CERT-In has established collaborations with international security organisations and CERTs to facilitate exchange of information related to latest cyber security threats and international best practices. CERT-In is a member of Forum of Incident Response and Security Teams FIRST, APCERT and Anti-Phishing Working Group APWG. • Collaborating with overseas CERTs such as US-CERT, for information exchange and Joint cyber exercises. • CERT-In signed a MoU with Korea Internet Security Agency KISA in January, 2014 to enable information sharing and collaboration for incident resolution. 6. Future PlansProjects

6.1 Future projects

CERT-In has been evolved as the most trusted referral agency in the area of information security in the country. The future plans envisaged are: • Creation of a framework for comprehensive, collaborative and collective response to deal with the issue of cyber security at all levels within the country • Promotion of RD activities in the areas of attack detection prevention, Cyber Forensics and malware detection prevention. • Development and implementation of a crisis management framework to enable organisations to respond to cyber incidents and assess the preparedness of organisations to withstand cyber attacks • Creation of framework and facility for collection, correlation and analysis of security events in real time and generating early warning to constituency. • Creation of facilities to detect and clean the Botnet infected systems in coordination with Industry Contact Information Postal Address: Indian Computer Emergency Response Team CERT-In Department of Electronics information Technology Ministry of Communication information technology 53 Government of India Electronic Niketan 6, CGO Complex, Lodhi Road New Delhi – 110003 India Incident Response Help Desk: Phone: +91-11-24368572 +91-1800-11-4949 Toll Free Fax: +91-11-24368546 +91-1800-11-6969 Toll Free PGP Key Details: User ID: incidentcert-in.org.in Key ID: 0x9E346D2C Fingerprint: 4871 0429 EB42 0423 4E6A FAD6 B2D5 5C16 9E34 6D2C User ID: infocert-in.org.in advisorycert-in.org.in Key ID: 0x2D85A787 Fingerprint: D1F0 6048 20A9 56B9 5DAA 02A8 0798 04C3 2D85 A787 54 CNCERTCC National Computer network Emergency Response technical Team Coordination Center of China - People’s Republic of China 1. About CNCERTCC

1.1. Introduction